At present it is possible to call the CMSE functions for checking
addresses (such as cmse_check_address_range) and forget to check/use
the return value. This patch makes the interfaces more robust against
programmer error by marking these functions with the warn_unused_result
attribute. With this set, any use of these functions that does not use
the result will produce a warning.
This produces a warning on default warn levels when the result of the
cmse functions is not used.
For the following function:
void foo()
{
int *data;
cmse_check_address_range((int*)data, 0, 0);
}
The following warning is emitted:
warning: ignoring return value of 'cmse_check_address_range' declared
with attribute 'warn_unused_result' [-Wunused-result]
6 | cmse_check_address_range((int*)data, 0, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcc/ChangeLog:
2019-07-10 Joel Hutton <[email protected]>
* config/arm/arm_cmse.h (cmse_nonsecure_caller): Add
warn_unused_result attribute.
(cmse_check_address_range): Add warn_unused_result attribute.
libgcc/ChangeLog:
2019-07-10 Joel Hutton <[email protected]>
* config/arm/cmse.c (cmse_check_address_range): Add
warn_unused_result attribute.
2019-07-10 Joel Hutton <[email protected]>
* gcc.target/arm/cmse/cmse-17.c: New test.
From 628070faaf157934e6b4c8d7d2d288244467bea6 Mon Sep 17 00:00:00 2001
From: Joel Hutton <[email protected]>
Date: Wed, 10 Jul 2019 09:59:58 +0100
Subject: [PATCH] CMSE warn unused result
---
gcc/config/arm/arm_cmse.h | 2 ++
gcc/testsuite/gcc.target/arm/cmse/cmse-17.c | 10 ++++++++++
libgcc/config/arm/cmse.c | 1 +
3 files changed, 13 insertions(+)
create mode 100644 gcc/testsuite/gcc.target/arm/cmse/cmse-17.c
diff --git a/gcc/config/arm/arm_cmse.h b/gcc/config/arm/arm_cmse.h
index b543cbfe455ae57487be199f7c918eb87db30bf2..a72c46f1a954bd3ba4aefcdbb7a31085d0f583c0 100644
--- a/gcc/config/arm/arm_cmse.h
+++ b/gcc/config/arm/arm_cmse.h
@@ -164,6 +164,7 @@ __CMSE_TT_ASM (at)
/* FIXME: diagnose use outside cmse_nonsecure_entry functions. */
__extension__ static __inline int __attribute__ ((__always_inline__))
+__attribute__ ((warn_unused_result))
cmse_nonsecure_caller (void)
{
return __builtin_arm_cmse_nonsecure_caller ();
@@ -184,6 +185,7 @@ cmse_nonsecure_caller (void)
#define CMSE_MPU_READ 8
__extension__ void *
+__attribute__ ((warn_unused_result))
cmse_check_address_range (void *, size_t, int);
#define cmse_check_pointed_object(p, f) \
diff --git a/gcc/testsuite/gcc.target/arm/cmse/cmse-17.c b/gcc/testsuite/gcc.target/arm/cmse/cmse-17.c
new file mode 100644
index 0000000000000000000000000000000000000000..a2cce09afae590461b86397e73e9b98649bed95a
--- /dev/null
+++ b/gcc/testsuite/gcc.target/arm/cmse/cmse-17.c
@@ -0,0 +1,10 @@
+/* { dg-do compile } */
+/* { dg-options "-mcmse"} */
+
+#include <arm_cmse.h>
+
+void foo()
+{
+ int *data;
+ cmse_check_address_range((int*)data, 0, 0); /* { dg-warning "ignoring return value" } */
+}
diff --git a/libgcc/config/arm/cmse.c b/libgcc/config/arm/cmse.c
index 34a46fde2d2fcd9dc181bf5a74dd698de2ebc9bd..0c5a3eaefab49ae07e67b82481fdd0d8dd100227 100644
--- a/libgcc/config/arm/cmse.c
+++ b/libgcc/config/arm/cmse.c
@@ -30,6 +30,7 @@
address range. See ACLE changes for ARMv8-M. */
void *
+__attribute__ ((warn_unused_result))
cmse_check_address_range (void *p, size_t size, int flags)
{
cmse_address_info_t permb, perme;
--
2.17.1
